Authd Vulnerability (CVE-2024-9313) Allows User Impersonation on Ubuntu Systems
A high-severity vulnerability, CVE-2024-9313 (CVSS 8.8), has been discovered in Authd, an authentication daemon used for secure identity and access management on Ubuntu machines. This flaw could allow malicious actors to impersonate other users on a compromised system, potentially granting them unauthorized access to sensitive data and resources.
Authd serves as a bridge between Ubuntu machines and cloud-based identity providers, facilitating secure management of identity and access both on desktop and server environments. Its modular architecture enables it to integrate with multiple identity providers, including Microsoft Entra ID, and more integrations are currently under development. While Authd provides essential functionality for identity management, the discovery of CVE-2024-9313 reveals a critical weakness in its authentication process.
Exploitation of this vulnerability is possible through tools like su, sudo, and ssh, which currently lack adequate checks to ensure the PAM user at the end of a transaction matches the initiator. This means an attacker could potentially gain access to another user’s account and perform actions as that user.
The good news is that a fix has been implemented in Authd version 0.3.5. This update allows the PAM user to be changed only when the PAM stack has not already set one; if a user is already set, Authd refuses to switch to a different one. Furthermore, upcoming versions of su, ssh, and sudo will include patches to address this vulnerability at the tool level, providing further protection.
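To make the two behaviours concrete, here is an added, constructed model of a PAM transaction (it is not Authd's code and does not use the real PAM API): a module may ask to set PAM_USER mid-flow, the pre-0.3.5 path accepts the change, the 0.3.5-style path refuses it once a user is set, and the calling tool verifies at the end that the user still matches the one it started with. The names `PamTransaction`, `set_user` and `run_stack` are invented for the illustration.

```python
"""Constructed model of the PAM user-consistency check behind the Authd 0.3.5 fix.
This is an added illustration, not Authd's own code or the libpam API."""

from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class UserSwitchRejected(Exception):
    """Raised when a module tries to replace an already-set PAM user."""


@dataclass
class PamTransaction:
    # The user the calling tool (su, sudo, sshd) opened the transaction for.
    initiator: str
    # True models the 0.3.5 fix; False models the vulnerable behaviour.
    enforce_user_consistency: bool = True
    user: Optional[str] = None
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        # The calling tool sets PAM_USER before the stack runs.
        self.user = self.initiator

    def set_user(self, requested: str) -> None:
        """A module asks to set PAM_USER (e.g. after resolving a cloud identity)."""
        if self.user is not None and self.user != requested:
            if self.enforce_user_consistency:
                # Fixed behaviour: a user is already set, so refuse to switch.
                self.log.append(f"refused switch {self.user} -> {requested}")
                raise UserSwitchRejected(f"PAM_USER already set to {self.user}")
            # Vulnerable behaviour: silently adopt the new identity.
            self.log.append(f"switched {self.user} -> {requested}")
        self.user = requested

    def user_matches_initiator(self) -> bool:
        """The end-of-transaction check the calling tool should perform."""
        return self.user == self.initiator


def run_stack(initiator: str, requests: List[str], enforce: bool) -> Tuple[str, bool]:
    """Run a stack of module requests; return (final PAM_USER, mismatch detected)."""
    tx = PamTransaction(initiator=initiator, enforce_user_consistency=enforce)
    for name in requests:
        try:
            tx.set_user(name)
        except UserSwitchRejected:
            break  # the switch was blocked; PAM_USER is unchanged
    return tx.user, not tx.user_matches_initiator()
```

The end-of-transaction mismatch flag is the tool-level check that the su, ssh and sudo patches add; the refusal inside `set_user` is the daemon-level check that 0.3.5 adds, so either layer alone blocks the impersonation in this model.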
Users of Authd are strongly urged to update to version 0.3.5 or later immediately. Administrators should also consider implementing compensating controls, such as stricter access controls and monitoring for suspicious activity, until vulnerable versions of su, ssh, and sudo are updated.